Privacy Policy
Last updated: 2026-06-02
This policy explains what AuctionEsp ("we", "the service") collects, why we collect it, who we share it with, and how we keep it safe. We've tried to keep it short and concrete; if anything is unclear, write to privacy@ebayesp.com.
1. What we collect
- Account data — the email address you sign up with, an irreversible hash of your password (we never see the plaintext), and the tier you're on.
- OAuth tokens — if you choose to sign in with Google or link your eBay account, we store an access token and a refresh token issued to us by that provider. eBay tokens authorize us to place bids on auctions you schedule. Google tokens are only used to verify your identity at login.
- Activity data — the snipes you schedule (item id, max bid, end time), the keywords you choose to track, and the public marketplace listing data we collect against those keywords.
- Payment data — if you upgrade to a paid tier, we record the PayPal order id, capture id, amount, and status. We never see or store your payment card number; that stays with PayPal.
- Operational data — minimal server logs (timestamps, IP addresses, HTTP status codes) used for security and debugging.
2. How we use it
- To run the features you signed up for: sniping, price tracking, deal alerts.
- To bill paid subscriptions through PayPal.
- To send transactional email (account confirmation, password reset, payment receipts). We do not send marketing email.
- To enforce rate limits and prevent abuse.
3. Who we share data with
Only the third parties strictly needed to provide the service:
- eBay — when you authorize us via eBay user OAuth, we use their Trading API to place bids you've scheduled and their Browse API to read public listing data for price tracking. eBay's privacy practices apply to data they hold. (eBay Privacy Notice)
- PayPal — payment processing for paid tier upgrades. (PayPal Privacy Statement)
- Google — only when you choose Sign in with Google. (Google Privacy Policy)
We do not sell your data to advertisers or other third parties. We do not place advertising cookies.
4. How we store and protect it
- Passwords are stored as one-way bcrypt/argon2 hashes — they are not reversible even by us.
- OAuth tokens (eBay, refresh tokens, integration credentials) are encrypted at rest with AES-256-GCM using a server-side master key.
- All traffic between your browser and the service is encrypted in transit with HTTPS (TLS).
- Production servers are accessible only to operations staff via authenticated channels.
5. Your rights
- Access — the dashboard shows every snipe, tracked keyword, deal, and payment we have for you. Your profile is at /api/me.
- Unlink third-party accounts — the dashboard has explicit Unlink buttons for Google and eBay; clicking them deletes our copy of those tokens immediately.
- Delete your account — email privacy@ebayesp.com from the address on file and we will remove all data we hold for you, except what we are legally required to retain (e.g. payment records for tax purposes).
- If you are in a jurisdiction with statutory data rights (EU/UK GDPR, California CCPA, etc.) we honor those.
6. Cookies
We use a single PHP session cookie during the OAuth round-trip to bind a
login attempt to the correct user. We do not use analytics, advertising, or
cross-site tracking cookies. JWT access and refresh tokens used by the web UI
are stored in your browser's localStorage, not in cookies.
7. Children
AuctionEsp is not directed at children under 13, and we do not knowingly collect data from them.
8. Changes to this policy
If we materially change what we collect or how we use it, we'll update the date at the top and notify active users by email at least 14 days before the change takes effect.
9. Contact
Questions, requests, or complaints: privacy@ebayesp.com.